U.S. Dept. of Justice Shuts Down Coreflood Botnet

The U.S. Department of Justice and FBI have disabled Coreflood, a decade-old botnet that has infected more than 2 million private computers, by seizing and replacing five command and control servers and 29 domain names used by the botnet, the Department of Justice said in a press release Wednesday.

Coreflood has compromised numerous victims’ bank accounts by stealing their user names, passwords and other personal financial information, the government said. The malware is designed to record keystrokes and control a victim’s computer remotely via one of its command and control servers.

The U.S. Attorney’s Office for the District of Connecticut filed a civil complaint against 13 “John Doe” defendants alleging that they had committed “wire fraud, bank fraud and illegal interception of electronic communications,” and obtained a temporary restraining order to take control of Coreflood’s infrastructure, the statement read.

The temporary restraining order allows U.S. authorities to send each infected computer a command that will shut off the malware’s operations, the government said.

This week’s unusual move follows a major bust of account-raiding cyber thieves last fall in New York.

“The actions announced today are part of a comprehensive effort by the department to disable an international botnet, while at the same time giving consumers the ability to take necessary steps to protect themselves from this harmful malware,” Assistant Attorney General Lanny A. Breuer of the Criminal Division said.

According to reports by Wired, the non-profit organization Internet Systems Consortium would operate the replacement servers, collect the IP addresses of computers infected by the malware and send the “stop” commands to the infected computers under government supervision.

The government promised that the Coreflood intervention would not compromise infected computer users’ private information, stating, “At no time will law enforcement authorities access any information that may be stored on an affected computer.”

Officials said they also would give users the option to opt out of the temporary restraining order should they wish to continue running Coreflood.